Tag: openvz

I recently read a post/advert claiming that VMWare was a ‘much better’ platform for hosting Asterisk than any other virtualization platform, such as OpenVZ, Xen, KVM … So I thought I’d write a little about the architecture running the SysAdminMan VPSs and why it was chosen. There are a few different names given to a virtualized server – Virtual Private Server (VPS), Virtual Dedicated Server (VDS), VM (Virtual Machine) but they all refer to the same overall goal – take a dedicated server and partition it in to several virtual servers that share the underlying hardware. Now, don’t get me…

Installing Digium’s g.729 codec for Asterisk on an OpenVZ VPS requires an Asterisk friendly VPS provider. This is because the installation routine relies on there being an ‘eth0’ device on the server. This is not normally the case with OpenVZ where the network device is called venet0. An ‘eth0’ device can be created on the VPS by running the following command (this is done on the OpenVZ server) – (see here for more information – http://wiki.openvz.org/Asterisk_G729) vzctl set $VEID –netif_add eth0 –save

I’ve started renting out some OpenVZ VPSs for a few people and wanted to make sure that they couldn’t be used to send spam. One of the easiest ways to do this is just to limit the number of outbound smtp connections allowed from the VPS using iptables. I used the following iptables rules on the OpenVZ host node to accomplish this – # Limit number of SMTP connections from Mail Server <br>iptables -A FORWARD -o eth0 -p tcp -s 77.211.239.14 –dport 25 -m limit –limit 3/minute -m state –state NEW -j ACCEPT <br># iptables -A FORWARD -o eth0 -p…

I’ve been playing with OpenVPN for the past couple of weeks and I’m pretty impressed. OpenVPN allows you to create a private network between 2 computers. These could be 2 servers or a client and a server. A few of the reasons for wanting to do this are – bypassing your ISPs traffic shaping making your traffic appear to originate from a different country encrypting your laptop traffic over an insecure link – such as a coffee shop wifi connection anonymous web surfing bypassing a countries web access controls Setup and configuration of the server component can be fairly complicated…